I am not sure what bucket means, but let me explain my requirement in simple text with examples.
I have a search query, and I want to run it every 10 mins.
Example:
Step 1: At 00:10 my search query should run (here it should search logs from 00:00 to 00:10). Suppose we have a count of 10.
Step 2: Again at 00:20 my search query should run (here it should search logs for the given search pattern from 00:00 to 00:20).
Like this, the query should run every 10 mins, and I want to form a chart with the count results from 00:00 to the current time.
Note: In Step 2 the count can increase or decrease from 10, because by 00:10 we have a count of 10, but after 00:10 there might be a chance that some among those 10 might not continue the same pattern.
Example: At 00:10 we have 10 active threads. If I run that query again at 00:20, some of the active threads (let's suppose 4) from the 10 might be killed. So we have 6 active threads, and also from 00:10 to 00:20 we have 2 more active threads added. So when I run the search from 00:00 to 00:20, the search pattern should return a count of 8.